OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of 0xDEADC0DE »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - 0xDEADC0DE

Pages: [1] 2
1
General Discussion / Question about haproxy
« on: October 22, 2018, 12:16:21 pm »
Currently we have different services running behind our OPNsense box like
otrs, mattermost, svn, website aso.
Only one website is currently running on port 443, all other sites use different
ports. Now I want to change all website to use the standard port 443.
I cannot do let's encrypt on opnsense with haproxy as some sites use client
certificates and they have different requirements for TLS.
Is there a possibility to only inspect the SNI and forward the "raw" TCP to the correct server?
I know that I cannot use ESNI with TLS 1.3 then but I don't care about that.

2
18.7 Legacy Series / Re: haproxy port 443 questions
« on: October 01, 2018, 12:01:17 am »
I think I will try to use port 9999 and redirect from 443 to 9999 with haproxy.
Perhaps it works.

Is there a good explanation between the two modes "http / https" and "https tcp"?

3
18.7 Legacy Series / haproxy port 443 questions
« on: September 30, 2018, 01:35:52 pm »
I have some difficulties setting up haproxy in this configuration:

WAN access to port 443 https distributes access to different backend servers depending on domain name is working.
LAN access to port 443 for OPNsense GUI doesn't work.
I can access it when I change it to e.g. port 9999.
How can I configure this setup? Is it even possible?

4
17.7 Legacy Series / Re: [SOLVED] OpenVPN: --ns-cert-type is DEPRECATED
« on: September 25, 2017, 10:33:32 pm »
Thanks franco.  👍

5
17.7 Legacy Series / [SOLVED] OpenVPN: --ns-cert-type is DEPRECATED
« on: September 21, 2017, 12:48:15 am »
When I connect with OpenVPN I get this warning:

Code: [Select]
WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

pfSense fixed it already. Perhaps you can include the code.
https://forum.pfsense.org/index.php?topic=129676.0

I get many requests from my users about this warning. Currently I fixed it by manually
editing the config file.

6
17.7 Legacy Series / Re: WAN link state down not comming up correctly
« on: September 14, 2017, 10:37:00 pm »
Code: [Select]
Sep 13 09:56:32 opnsense: /index.php: Successful login for user 'root' from: 192.168.0.68
Sep 13 09:47:43 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 09:47:43 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns5'
Sep 13 09:47:43 configd.py: [4f98dc61-adbc-4091-92e2-9e582c1f18a8] rc.newwanip starting ovpns5
Sep 13 09:47:43 kernel: ovpns5: link state changed to UP
Sep 13 09:47:43 configd.py: [f49235c4-b040-415f-9597-84826affdc9b] Reloading filter
Sep 13 09:47:21 configd.py: [3986ec86-4f7e-4802-94f9-cb4df7236f0b] Reloading filter
Sep 13 09:47:21 kernel: ovpns5: link state changed to DOWN
Sep 13 09:47:00 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 09:47:00 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns1'
Sep 13 09:46:59 configd.py: [baadca82-d712-4c67-9a4e-9c4893e6ecf5] rc.newwanip starting ovpns1
Sep 13 09:46:59 kernel: ovpns1: link state changed to UP
Sep 13 09:46:59 configd.py: [f0724f59-c7d8-49b5-a01f-fbd777e872df] Reloading filter
Sep 13 09:46:38 configd.py: [1e639653-4b0a-4438-b334-06718960c517] Reloading filter
Sep 13 09:46:38 kernel: ovpns1: link state changed to DOWN
Sep 13 09:46:16 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 09:46:16 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns2'
Sep 13 09:46:16 configd.py: [ec170a80-cf28-4826-b984-7db47dff2f74] rc.newwanip starting ovpns2
Sep 13 09:46:16 kernel: ovpns2: link state changed to UP
Sep 13 09:46:16 configd.py: [3ecbda84-d15d-411b-9d69-7c53bd640f35] Reloading filter
Sep 13 09:45:55 configd.py: [3275637d-2f85-42aa-9d55-26b61ef882ed] Reloading filter
Sep 13 09:45:55 kernel: ovpns2: link state changed to DOWN
Sep 13 09:45:55 opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Sep 13 09:45:37 configd.py: unable to sendback response [OK ] for [interface][linkup][['start', 'em1']] {5d1609cb-ff1a-4e14-b63e-590158a6dd85}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Sep 13 09:45:34 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 09:45:34 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output 2> /tmp/em1_error_output' returned exit code '1', the output was ''
Sep 13 09:45:34 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 09:45:34 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 09:45:34 configd.py: [6d30da41-974d-4094-a6de-086ca22beee6] Linkup starting em1
Sep 13 09:45:34 opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 192.168.177.1.
Sep 13 09:45:33 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 09:45:33 configd.py: [f57c3d54-bb22-4069-af97-f17485103280] Linkup stopping em1
Sep 13 09:45:33 configd_ctl.py: error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 65, in exec_config_cmd line = sock.recv(65536) timeout: timed out
Sep 13 09:45:10 opnsense: /usr/local/etc/rc.newwanip: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 09:45:10 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 192.168.177.1
Sep 13 09:45:10 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.177.55) (interface: WAN[wan]) (real interface: em1).
Sep 13 09:45:10 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'em1'
Sep 13 09:44:57 kernel: em1: link state changed to UP
Sep 13 09:44:51 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 09:44:51 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route add -'inet' default '192.168.177.1'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net default: gateway 192.168.177.1 fib 0: Network is unreachable'
Sep 13 09:44:51 opnsense: /usr/local/etc/rc.linkup: ROUTING: setting IPv4 default route to 192.168.177.1
Sep 13 09:44:02 kernel: em1: link state changed to DOWN
Sep 13 09:43:33 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 09:43:33 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 09:43:33 configd.py: [5d1609cb-ff1a-4e14-b63e-590158a6dd85] Linkup starting em1
Sep 13 09:43:33 kernel: em1: link state changed to UP
Sep 13 09:43:18 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 09:43:18 configd.py: [2ed9ee2a-a03d-496d-b8a9-d61d64fdbb55] Linkup stopping em1
Sep 13 09:43:18 kernel: em1: link state changed to DOWN
Sep 13 09:39:42 kernel: arp: 192.168.0.86 moved from 20:28:d7:72:00:f8 to 90:84:0d:d1:fd:b0 on em0
Sep 13 08:38:38 kernel: arp: 192.168.0.86 moved from 20:22:69:10:01:f8 to 90:84:0d:d1:fd:b0 on em0
Sep 13 07:50:57 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 07:50:57 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns5'
Sep 13 07:50:57 configd.py: [b9c0d634-18fe-4201-8480-eb7cc2c54345] rc.newwanip starting ovpns5
Sep 13 07:50:57 kernel: ovpns5: link state changed to UP
Sep 13 07:50:57 configd.py: [bfe17c05-83db-42ee-8807-059c135320c9] Reloading filter
Sep 13 07:50:35 configd.py: [4b8262eb-cc02-407b-ad50-50914a61b087] Reloading filter
Sep 13 07:50:35 kernel: ovpns5: link state changed to DOWN
Sep 13 07:50:14 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 07:50:14 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns1'
Sep 13 07:50:14 configd.py: [6fe35288-7498-4016-9153-987a0d2ec05a] rc.newwanip starting ovpns1
Sep 13 07:50:14 kernel: ovpns1: link state changed to UP
Sep 13 07:50:14 configd.py: [b816f909-7f15-4e03-80b3-4dfba834c548] Reloading filter
Sep 13 07:49:52 configd.py: [04243eb3-6901-4650-b5b5-7399dfc0138a] Reloading filter
Sep 13 07:49:52 kernel: ovpns1: link state changed to DOWN
Sep 13 07:49:30 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 07:49:30 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns2'
Sep 13 07:49:30 configd.py: [6bdbaf42-1d4c-4cba-b7d6-9467436b1323] rc.newwanip starting ovpns2
Sep 13 07:49:30 kernel: ovpns2: link state changed to UP
Sep 13 07:49:30 configd.py: [9b43b42b-3a42-4bba-bf5a-044f33fd9106] Reloading filter
Sep 13 07:49:09 configd.py: [f9c44a04-a7a4-4b61-b6a6-9f375cf2dc8a] Reloading filter
Sep 13 07:49:09 kernel: ovpns2: link state changed to DOWN
Sep 13 07:49:08 opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Sep 13 07:49:08 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 07:49:08 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output 2> /tmp/em1_error_output' returned exit code '1', the output was ''
Sep 13 07:49:08 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 07:49:08 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 07:49:08 configd.py: [05d910a6-5b54-41ba-9382-e7f3d4b8dad9] Linkup starting em1
Sep 13 07:49:08 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 07:49:08 configd.py: [0eba45a4-1883-473f-a978-7373d8b38ab2] Linkup stopping em1
Sep 13 07:48:53 configd.py: unable to sendback response [OK ] for [interface][linkup][['start', 'em1']] {4167cee1-2705-4926-b4f7-5c0e114bf53b}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Sep 13 07:48:46 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 07:48:46 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output 2> /tmp/em1_error_output' returned exit code '1', the output was ''
Sep 13 07:48:46 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 07:48:46 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 07:48:46 configd.py: [33bc0eaa-f382-4c05-8101-a0275a2d0653] Linkup starting em1
Sep 13 07:48:46 opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 192.168.177.1.
Sep 13 07:48:46 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 07:48:46 configd.py: [391594e9-b89c-47f0-aa43-553557503e62] Linkup stopping em1
Sep 13 07:48:46 configd_ctl.py: error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 65, in exec_config_cmd line = sock.recv(65536) timeout: timed out
Sep 13 07:48:30 opnsense: /usr/local/etc/rc.newwanip: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 07:48:30 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 192.168.177.1
Sep 13 07:48:30 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.177.55) (interface: WAN[wan]) (real interface: em1).
Sep 13 07:48:30 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'em1'
Sep 13 07:48:18 kernel: em1: link state changed to UP
Sep 13 07:48:14 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 07:48:14 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route add -'inet' default '192.168.177.1'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net default: gateway 192.168.177.1 fib 0: Network is unreachable'
Sep 13 07:48:14 opnsense: /usr/local/etc/rc.linkup: ROUTING: setting IPv4 default route to 192.168.177.1
Sep 13 07:47:22 kernel: em1: link state changed to DOWN
Sep 13 07:46:54 kernel: em1: link state changed to UP
Sep 13 07:46:47 kernel: em1: link state changed to DOWN
Sep 13 07:46:46 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 07:46:46 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 07:46:46 configd.py: [4167cee1-2705-4926-b4f7-5c0e114bf53b] Linkup starting em1
Sep 13 07:46:46 kernel: em1: link state changed to UP
Sep 13 07:46:43 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 07:46:43 configd.py: [01dda43a-841f-4cfd-92c1-658395f41452] Linkup stopping em1
Sep 13 07:46:43 kernel: em1: link state changed to DOWN
Sep 13 07:44:23 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 07:44:23 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns5'
Sep 13 07:44:23 configd.py: [e7c61684-0deb-46b7-b8bc-23ea325de158] rc.newwanip starting ovpns5
Sep 13 07:44:23 kernel: ovpns5: link state changed to UP
Sep 13 07:44:23 configd.py: [bec3dfde-78b0-43ab-a1ad-045e73d0bfcd] Reloading filter
Sep 13 07:44:02 configd.py: [997614d1-e3cc-441e-a476-0aebaa62693e] Reloading filter
Sep 13 07:44:02 kernel: ovpns5: link state changed to DOWN
Sep 13 07:43:40 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 07:43:40 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns1'
Sep 13 07:43:40 configd.py: [bcf8b26d-83bf-4779-acd8-8c2bf9f714d5] rc.newwanip starting ovpns1
Sep 13 07:43:40 kernel: ovpns1: link state changed to UP
Sep 13 07:43:40 configd.py: [c7eb1f2e-8b43-4159-ac95-f543c05ded82] Reloading filter
Sep 13 07:43:18 configd.py: [20d95a1b-e8f8-4d97-85cf-12f85f22b4cf] Reloading filter
Sep 13 07:43:18 kernel: ovpns1: link state changed to DOWN
Sep 13 07:42:57 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 07:42:57 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns2'
Sep 13 07:42:57 configd.py: [ec74f7eb-e8c2-42ee-914f-36c41b513cbf] rc.newwanip starting ovpns2
Sep 13 07:42:57 kernel: ovpns2: link state changed to UP
Sep 13 07:42:57 configd.py: [9c9a8a32-df5b-4d71-9bbf-9794b7b11f35] Reloading filter
Sep 13 07:42:35 configd.py: [5a117ce5-2e4b-44bd-ba21-22e4f495d36b] Reloading filter
Sep 13 07:42:35 kernel: ovpns2: link state changed to DOWN
Sep 13 07:42:35 opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Sep 13 07:42:10 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 07:42:10 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output 2> /tmp/em1_error_output' returned exit code '1', the output was ''
Sep 13 07:42:10 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 07:42:10 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 07:42:10 configd.py: [27a5d8fc-cb95-470a-a94c-e0ba39bcb491] Linkup starting em1
Sep 13 07:42:10 opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 192.168.177.1.
Sep 13 07:42:09 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 07:42:09 configd.py: [5f2a393f-7d92-4934-a034-8669cd1ff2f6] Linkup stopping em1
Sep 13 07:42:08 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 192.168.177.1
Sep 13 07:42:08 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.177.55) (interface: WAN[wan]) (real interface: em1).
Sep 13 07:42:08 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'em1'
Sep 13 07:41:56 kernel: em1: link state changed to UP
Sep 13 07:41:47 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 07:41:47 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route add -'inet' default '192.168.177.1'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net default: gateway 192.168.177.1 fib 0: Network is unreachable'
Sep 13 07:41:47 opnsense: /usr/local/etc/rc.linkup: ROUTING: setting IPv4 default route to 192.168.177.1
Sep 13 07:41:01 kernel: em1: link state changed to DOWN
Sep 13 07:40:28 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 07:40:28 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 07:40:27 configd.py: [c24eb6bd-7b4c-410c-9534-edf1317242e2] Linkup starting em1
Sep 13 07:40:27 kernel: em1: link state changed to UP
Sep 13 07:40:19 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 07:40:19 configd.py: [4713144d-a55f-4547-bf5d-d3cdd1c666a8] Linkup stopping em1
Sep 13 07:40:19 kernel: em1: link state changed to DOWN
Sep 13 07:37:30 kernel: arp: 192.168.0.86 moved from 20:30:e9:72:00:f8 to 90:84:0d:d1:fd:b0 on em0
Sep 13 05:34:12 kernel: arp: 192.168.0.86 moved from 20:50:37:10:01:f8 to 90:84:0d:d1:fd:b0 on em0
Sep 13 04:33:00 kernel: arp: 192.168.0.86 moved from 20:bc:bd:72:00:f8 to 90:84:0d:d1:fd:b0 on em0
Sep 13 03:31:49 kernel: arp: 192.168.0.86 moved from 20:3a:fa:72:00:f8 to 90:84:0d:d1:fd:b0 on em0

7
17.7 Legacy Series / WAN link state down not comming up correctly
« on: September 14, 2017, 10:36:47 pm »
Everything was running fine for 2 weeks. Last night, WAN link state changed to DOWN and UP very often.
In the morning we had no internet access.
I've rebooted our OPNsense box and everything was up again.
I don't know what the problem was. Here is the log from where it started until the reboot.
Can you tell me if this is a bug?

Code: [Select]
Sep 13 02:40:03 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 02:40:03 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns5'
Sep 13 02:40:02 configd.py: [63403cdd-e6d7-4007-b78b-4014c07edeb8] rc.newwanip starting ovpns5
Sep 13 02:40:02 kernel: ovpns5: link state changed to UP
Sep 13 02:40:02 configd.py: [e0cfefb7-5a7d-42ae-a54d-701a599ac0e7] Reloading filter
Sep 13 02:39:41 configd.py: [d2b1f58b-3b49-4b14-9bdd-9c06ae7a95ce] Reloading filter
Sep 13 02:39:41 kernel: ovpns5: link state changed to DOWN
Sep 13 02:39:19 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 02:39:19 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns1'
Sep 13 02:39:19 configd.py: [cd83e9ad-8a4c-4ed8-a9f7-24e2da789d76] rc.newwanip starting ovpns1
Sep 13 02:39:19 kernel: ovpns1: link state changed to UP
Sep 13 02:39:19 configd.py: [249d32c0-65af-4bb4-81bc-edbfc399dc96] Reloading filter
Sep 13 02:38:57 configd.py: [dab74afd-ced8-45e1-9dbf-d72399c19407] Reloading filter
Sep 13 02:38:57 kernel: ovpns1: link state changed to DOWN
Sep 13 02:38:36 opnsense: /usr/local/etc/rc.newwanip: Interface '' is disabled or empty, nothing to do.
Sep 13 02:38:35 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'ovpns2'
Sep 13 02:38:35 configd.py: [27ab7445-31cb-4b51-98c9-87420e82856d] rc.newwanip starting ovpns2
Sep 13 02:38:35 kernel: ovpns2: link state changed to UP
Sep 13 02:38:35 configd.py: [2f5732e1-db7d-43b8-9f2e-c05775d483bd] Reloading filter
Sep 13 02:38:14 configd.py: [467fc001-9fcc-48ca-86b6-7b22f35ae2e0] Reloading filter
Sep 13 02:38:14 kernel: ovpns2: link state changed to DOWN
Sep 13 02:38:14 opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Sep 13 02:37:52 configd.py: unable to sendback response [OK ] for [interface][linkup][['start', 'em1']] {a54bba41-7551-40c7-a3dc-16fe8fa6acac}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Sep 13 02:37:49 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 02:37:49 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em1 > /tmp/em1_output 2> /tmp/em1_error_output' returned exit code '1', the output was ''
Sep 13 02:37:49 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 02:37:49 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 02:37:49 configd.py: [724674ff-a5c8-4bd7-809f-702114f51e5f] Linkup starting em1
Sep 13 02:37:49 opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 192.168.177.1.
Sep 13 02:37:49 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 02:37:49 configd.py: [b6c0122c-38cf-4580-8ce8-171c42dbcf13] Linkup stopping em1
Sep 13 02:37:49 configd_ctl.py: error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 65, in exec_config_cmd line = sock.recv(65536) timeout: timed out
Sep 13 02:37:29 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 192.168.177.1
Sep 13 02:37:29 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.177.55) (interface: WAN[wan]) (real interface: em1).
Sep 13 02:37:29 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'em1'
Sep 13 02:37:18 kernel: em1: link state changed to UP
Sep 13 02:37:10 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route delete -inet '192.168.10.0/24'' returned exit code '1', the output was 'route: route has not been found delete net 192.168.10.0 fib 0: not in table'
Sep 13 02:37:10 opnsense: /usr/local/etc/rc.linkup: The command '/sbin/route add -'inet' default '192.168.177.1'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net default: gateway 192.168.177.1 fib 0: Network is unreachable'
Sep 13 02:37:10 opnsense: /usr/local/etc/rc.linkup: ROUTING: setting IPv4 default route to 192.168.177.1
Sep 13 02:36:23 kernel: em1: link state changed to DOWN
Sep 13 02:35:49 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Sep 13 02:35:49 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Sep 13 02:35:49 configd.py: [a54bba41-7551-40c7-a3dc-16fe8fa6acac] Linkup starting em1
Sep 13 02:35:49 kernel: em1: link state changed to UP
Sep 13 02:35:44 opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 192.168.177.1.
Sep 13 02:35:44 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Sep 13 02:35:44 configd.py: [bf9e83d3-05a9-44a5-82c3-f3800368d9ad] Linkup stopping em1
Sep 13 02:35:44 kernel: em1: link state changed to DOWN

8
17.7 Legacy Series / Re: Web Admin Hanging When Using Firefox on Windows
« on: September 13, 2017, 02:20:51 pm »
I have similar problems. The combo boxes are very slow. I click on it and it takes 10 seconds to open.
When I close all my tabs in FF, it's working fast but not with all my tabs open.
Strange is that this only happens with OPNsense and no other site.

9
German - Deutsch / Re: Plötzlich 8 IPSec Tunnel weg. Fehler in OPNsense
« on: September 01, 2017, 09:59:46 pm »
Alle löschen hat nicht funktioniert. Nach längerem Suchen hab ich den Fehler in OPNsense gefunden.
Ich hatte im IPSec Mobile Client PFS auf 14, also 2048, konfiguriert. Mobile Client war aber
abgeschaltet. Trotzdem werden für alle VPNs die PFS Group aus dem Mobile Client genommen.

10
German - Deutsch / Re: Plötzlich 8 IPSec Tunnel weg. Fehler in OPNsense
« on: September 01, 2017, 04:27:11 pm »
Ja. Alles gemacht. Gerade hat OPNsense wohl die Config neu geschrieben und die VPNs waren wieder weg.
Egal ob ich neu boote oder bei IPSec etwas ändere.
die ESP DH Group steht falsch in der ipsec.conf

11
German - Deutsch / Re: Plötzlich 8 IPSec Tunnel weg. Fehler in OPNsense
« on: September 01, 2017, 10:42:58 am »
Egal was ich mache, das Problem bleibt.
Habt ihr noch einen Hinweis was ich machen kann?

12
German - Deutsch / Re: Plötzlich 8 IPSec Tunnel weg. Fehler in OPNsense
« on: August 29, 2017, 10:52:00 pm »
Ich habs gerade versucht. Egal was ich mache, in der config.xml stehen die richtigen Werte.
In der ipsec.conf sind sie falsch.
Was kann ich noch tun um den Fehler zu finden?

13
German - Deutsch / Re: Unterschiedliche Firewallregeln für verschiedene IPSec Verbindungen
« on: August 29, 2017, 10:12:45 pm »
Ja genau. Darum geht es.
Bis 2018 hab ich dann auch OpenVPN am laufen. ;)

Wie kann ich die Netze in der Firewall über die Kennung trennen? Ich habe dazu nichts gesehen.

14
German - Deutsch / Re: Plötzlich 8 IPSec Tunnel weg. Fehler in OPNsense
« on: August 29, 2017, 12:34:10 pm »
Wie prüfe ich ob der Config-Apply-Restart ausgeführt wird?

15
German - Deutsch / Re: Plötzlich 8 IPSec Tunnel weg. Fehler in OPNsense
« on: August 29, 2017, 11:01:45 am »
Kein Cluster. Aktuelle 17.7er Version.
Ein Neustart bringt leider gar nichts.
Sind alles IKEv1 VPNs.

Bevor das Problem aufgetreten ist hatte ich das einzige VPN mit Aggressive Mode
auf Main Mode geändert. Das war alles. Ob das die Ursache war kann ich nicht
sagen.

Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2019 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2